#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/functions

function cli_start() {
	firewall_start $@
}

function cli_stop() {
	firewall_stop
}

function cli_show() {
	firewall_show $@
}

function cli_panic() {
	if cli_help_requested $@; then
		cli_show_man firewall-panic
		exit ${EXIT_OK}
	fi

	local admin_hosts
	while [ $# -gt 0 ]; do
		case "${1}" in
			*)
				if ip_is_valid ${1}; then
					admin_hosts="${admin_hosts} ${1}"
				else
					warning "Invalid IP address: ${1}"
				fi
				;;
		esac
		shift
	done

	firewall_panic ${admin_hosts}
}

function cli_config() {
	if cli_help_requested $@; then
		cli_usage root-config
		exit ${EXIT_OK}
	fi

	if [ -n "${1}" ]; then
		config_set $@
		firewall_config_write
	else
		firewall_config_print
	fi
}

function cli_zone() {
	if cli_help_requested $@; then
		cli_show_man firewall-zone
		exit ${EXIT_OK}
	fi

	if zone_name_is_valid ${1}; then
		local zone=${1}
		local action=${2}
		shift 2

		# Check if the given zone exists.
		if ! zone_exists ${zone}; then
			error "Zone '${zone}' does not exist."
			cli_run_help firewall zone

			exit ${EXIT_ERROR}
		fi

		# Process the given action.
		case "${action}" in
			edit)
				cli_zone_edit ${zone} $@
				;;
			status|"")
				cli_zone_status ${zone} $@
				;;

			# Print the raw configuration settings.
			show)
				firewall_zone_print ${zone} $@

				exit ${EXIT_ERROR}
				;;
			*)
				error "Unrecognized action: ${action}"
				cli_run_help firewall zone

				exit ${EXIT_ERROR}
				;;
		esac
	else
		local action=${1}
		shift

		case "${action}" in
			reset)
				firewall_zone_reset $@
				exit $?
				;;

			*)
				error "Unrecognized action: ${action}"
				cli_run_help firewall zone

				exit ${EXIT_ERROR}
				;;
		esac
	fi
}

# Show firewall zone conifguration.
function cli_zone_status() {
	local zone=${1}
	assert isset zone

	(
		firewall_zone_read ${zone}

		cli_headline 1 "Zone ${zone} (policy ${POLICY})"
		cli_print_fmt1 1 "Masquerade" "$(cli_print_bool ${MASQUERADE})"

		cli_space
	)

	exit ${EXIT_OK}
}

# Edit firewall zone configuration.
function cli_zone_edit() {
	firewall_zone_edit $@

	exit ${EXIT_OK}
}

# Parse the command line
while [ $# -gt 0 ]; do
	case "${1}" in
		-d|--debug)
			DEBUG=1
			log DEBUG "Enabled debugging mode"
			;;
		*)
			action=${1}
			;;
	esac
	shift
	[ -n "${action}" ] && break
done

# Process the given action
case "${action}" in
	start|restart|reload)
		cli_start $@
		;;

	stop)
		cli_stop $@
		;;

	show)
		cli_show $@
		;;

	panic)
		cli_panic $@
		;;

	config)
		cli_config $@
		;;

	zone)
		cli_zone $@
		;;

	""|help|--help|-h)
		cli_usage root
		exit ${EXIT_OK}
		;;

	*)
		error "Invalid command given: ${action}"
		cli_usage usage
		exit ${EXIT_CONF_ERROR}
		;;
esac

exit ${EXIT_OK}
